Currently, to improve network security, association needs to be implemented between each network device in a subnet and a network security device so that all the network devices in the subnet can perform collaborative defense when the subnet is attacked. To implement the association between the network devices and the network security device, a manufacturer of the network security device needs to provide an interface protocol so that a manufacturer of the network devices can develop a corresponding communications module according to the interface protocol provided by the manufacturer of the network security device to implement the association between the network devices and the network security device.
However, for a network system that has multiple subnets, when one subnet is attacked by an attack source, only the directly attacked subnet executes a corresponding security policy. Therefore, the same attack source only needs to launch the same attack on different subnets in the network system. If one of the subnets lacks sufficient defensive measures or is weak in security, this subnet is easily crackable, which decreases security of the entire network system.